1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

send proper csrf header

This commit is contained in:
glaszig 2019-08-07 23:53:04 +02:00
parent 1fddad190f
commit 56097d5629
3 changed files with 1 additions and 12 deletions

View File

@ -6,6 +6,3 @@ include_once('session.php');
if (csrfValidateRequest() && !CSRFValidate()) {
handleInvalidCSRFToken();
}
ensureCSRFSessionToken();
header('X-CSRF-Token', $_SESSION['csrf_token']);

View File

@ -19,6 +19,7 @@
*/
require('includes/csrf.php');
ensureCSRFSessionToken();
include_once('includes/config.php');
include_once(RASPI_CONFIG.'/raspap.php');

View File

@ -167,14 +167,6 @@ function setCSRFTokenHeader(event, xhr, settings) {
}
}
function updateCSRFTokens(event, xhr, settings) {
var newToken = xhr.getResponseHeader("X-CSRF-Token");
if (newToken) {
$('meta[name=csrf_token]').attr('content', newToken);
$('[name=csrf_token]:input').attr('value', newToken);
}
}
function contentLoaded() {
pageCurrent = window.location.href.split("?")[1].split("=")[1];
pageCurrent = pageCurrent.replace("#","");
@ -190,5 +182,4 @@ function contentLoaded() {
$(document)
.ajaxSend(setCSRFTokenHeader)
.ajaxComplete(updateCSRFTokens)
.ready(contentLoaded);